Projects per year
Abstract
Trusted-execution environments (TEEs) offer confidentiality in shared environments. While Intel restricts performance counter access, limiting load-balancing and anomaly detection on TEEs, AMD exposes performance counters to the host, leaving the TEE vulnerable to side-channel leakage.
In this paper, we propose TEEcorrelate, a lightweight information-preserving defense against performance-counter attacks on TEEs. TEEcorrelate reconciles monitoring capabilities of the host and confidentiality requirements of the TEE, by statistically decorrelating performance counters. TEEcorrelate combines two components, temporal decorrelation using counter aggregation windows, and value decorrelation using fuzzy performance counter increases. With default parameters, TEEcorrelate guarantees that the host can read performance counters hundreds of times per second, while the read value never deviates by more than 1024 from the actual value. Hence, the host can still use them for load-balancing, accounting, and detection of unusual or malicious activity. In state-of-the-art attacks on MbedTLS RSA 4096, a TOTP implementation, and the post-quantum HQC key-encapsulation mechanism, attack runtimes increase from 0.58-429 seconds to 10-775.6 days, even for a powerful, fully-informed attacker. We estimate that TEEcorrelate on AMD SEV-SNP has a negligible performance impact of 0.03 % for most context switches, and overall less than 0.09 %. Hence, TEEcorrelate is an effective low cost mitigation for all TEEs.
In this paper, we propose TEEcorrelate, a lightweight information-preserving defense against performance-counter attacks on TEEs. TEEcorrelate reconciles monitoring capabilities of the host and confidentiality requirements of the TEE, by statistically decorrelating performance counters. TEEcorrelate combines two components, temporal decorrelation using counter aggregation windows, and value decorrelation using fuzzy performance counter increases. With default parameters, TEEcorrelate guarantees that the host can read performance counters hundreds of times per second, while the read value never deviates by more than 1024 from the actual value. Hence, the host can still use them for load-balancing, accounting, and detection of unusual or malicious activity. In state-of-the-art attacks on MbedTLS RSA 4096, a TOTP implementation, and the post-quantum HQC key-encapsulation mechanism, attack runtimes increase from 0.58-429 seconds to 10-775.6 days, even for a powerful, fully-informed attacker. We estimate that TEEcorrelate on AMD SEV-SNP has a negligible performance impact of 0.03 % for most context switches, and overall less than 0.09 %. Hence, TEEcorrelate is an effective low cost mitigation for all TEEs.
| Original language | English |
|---|---|
| Title of host publication | USENIX Security 2025 |
| Publication status | Published - 13 Aug 2025 |
| Event | 34th USENIX Security Symposium: USENIX Security 2025 - Seattle, United States Duration: 13 Aug 2025 → 15 Aug 2025 Conference number: 34 https://www.usenix.org/conference/usenixsecurity25 |
Conference
| Conference | 34th USENIX Security Symposium |
|---|---|
| Abbreviated title | USENIX'25 |
| Country/Territory | United States |
| City | Seattle |
| Period | 13/08/25 → 15/08/25 |
| Internet address |
Fields of Expertise
- Information, Communication & Computing
Fingerprint
Dive into the research topics of 'TEEcorrelate: An Information-Preserving Defense against Performance-Counter Attacks on TEEs'. Together they form a unique fingerprint.Projects
- 2 Active
-
EU - FSSec - Foundations for Sustainable Security
Gruss, D. (Co-Investigator (CoI))
1/03/23 → 29/02/28
Project: Research project
-
Special Research Area (SFB) F85 Semantic and Cryptographic Foundations of Security and Privacy by Compositional Design
Mangard, S. (Co-Investigator (CoI))
1/01/23 → 31/12/26
Project: Research project